Plex notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability.

The company has yet to assign a CVE-ID to track the flaw and didn’t provide additional details regarding the patch, only saying that it impacts Plex Media Server versions 1.41.7.x to 1.42.0.x.

    • RipLemmDotEE@lemmy.today · 3 months ago

      People who bought the lifetime Plex pass, and have a huge group of friends and family already connected to their servers.

    • Stillwater@sh.itjust.works · 3 months ago

      I still use Plex because I have a lifetime pass from many years ago and Jellyfin isn’t yet as feature-rich and accessible on all of my family’s devices.

      I expect to someday migrate fully to Jellyfin once Plex is enshittified to the point of being a worse experience, but that hasn’t happened yet (with the Plex pass anyway).

      • beerclue@lemmy.world · 3 months ago

        I’ve never used Plex. What are some of the features that you’re missing in Jellyfin? Genuinely curious.

        • Stillwater@sh.itjust.works · 3 months ago

          Honestly the primary reason is some specific device support, e.g. my TV has a built-in Plex app but not a Jellyfin app, so switching also probably involves new hardware. I also couldn’t get Jellyfin to work with another TV using Chromecast, but I’m getting rid of that anyway.

          Otherwise, maybe you can update me on these since it’s been a few since I last tried Jellyfin, some of the things that come to mind are:

          • Smart collections & playlists
          • Skip intros and credits
          • Overall slick UI

          • keepee@lemmy.world · 3 months ago

            Skip intros and credits is available on Jellyfin.

            I think the Plex UI is still better than Jellyfin, but I’ve gotten used to it.

            Never used the smart collections when I was on Plex, so can’t speak to that.

          • beerclue@lemmy.world · 3 months ago

            Client availability is valid. I use an Android TV, that’s been easy for me. There are mobile clients for every phone and tablet.

            • I don’t know what smart collections are, but I do get automatic collections for franchises (like all “28 x later”) via a plugin. I don’t have playlists, but I guess I never felt the need for one… What would you use them for, binge watching franchises?
            • skip intro and credits is a thing, built in since a few versions (used to be a plugin)
            • the UI is subjective, and I don’t know any other one… I personally like how it looks, I customized quite a bit, easy to do via CSS.

    • pHr34kY@lemmy.world · 3 months ago

      I did this a few months back.

      Some things aren’t as great, but you get full control and your server idles way better on Jellyfin.

      • rumba@lemmy.zip · 3 months ago

        Yeah, as long as you have a decently supported client the entire platform is very serviceable. I do wish they would get rid of the unprotected endpoints and officially support 2FA on the server and clients.

        For all their anti-consumer practices Plex does at least take their security very seriously.

        • fmstrat@lemmy.nowsci.com · 3 months ago

          I posted a while back, tested the biggest open endpoints and they were properly secured, the issues just weren’t updated.

          Note: Plex didn’t have SSL, and refused to implement it, until ~6 weeks after I created a POC token exploit. Here’s the GitHub repo I posted as a patch before they got their system in order: https://github.com/Fmstrat/plex-ssl. In other words, don’t give them too much credit.

      • katy ✨@piefed.blahaj.zone · 3 months ago

        i’m ootl; how was plex able to ban them? isn’t hetzner just a vps provider? (not questioning you; just curious)

            • Derpgon@programming.dev · 3 months ago

              That’s what you get for using anything that doesn’t work fully offline. Seriously people still defending Plex and not seeing that it will bite them back sooner or later are delusional.

              Given that hardware doesn’t die, my Jellyfin will probably work until the heat death of the universe.

          • Kogasa@programming.dev · 3 months ago

            I’ve been using a reverse proxy on a Hetzner VPS pointing at my home plex server for years without issue. Maybe this only applies to people running the actual Plex software on a Hetzner VPS?

      • rumba@lemmy.zip · 3 months ago

        https://torrentfreak.com/plex-will-block-media-servers-at-prevalent-hosting-company-230915/

        There’s the story but there’s not much tea.

        I’m guessing there were just enough complaints and Hetzner refused to take anything down.

        Really bizarre to license people self-hosting software and then refuse them from hosting it in certain places over what content they choose to put up.

        I wonder if they’ll just roll through all the VPS now.